diff --git a/squidGuard-1.4/configure b/squidGuard-1.4/configure index 6d9c4f2..e79774a 100755 --- a/squidGuard-1.4/configure +++ b/squidGuard-1.4/configure @@ -4260,7 +4260,7 @@ if test $ac_cv_lib_ldap_ldap_init = yes; then echo "checking for ldap support... yes" with_ldap=yes LIBS="$LIBS -lldap" - YACCLINE=" | LDAPUSERSEARCH WORD { sgSourceLdapUserSearch(\$2); }" + YACCLINE=" | LDAPUSERSEARCH STRING { sgSourceLdapUserSearch(\$2); }" else diff --git a/squidGuard-1.4/configure.in b/squidGuard-1.4/configure.in index ea09c3b..9dfca11 100644 --- a/squidGuard-1.4/configure.in +++ b/squidGuard-1.4/configure.in @@ -175,7 +175,7 @@ if test "$with_ldap" = "yes" -o "$with_ldap" = "true"; then echo "checking for ldap support... yes" with_ldap=yes LIBS="$LIBS -lldap" - YACCLINE=" | LDAPUSERSEARCH WORD { sgSourceLdapUserSearch(\$2); }" + YACCLINE=" | LDAPUSERSEARCH STRING { sgSourceLdapUserSearch(\$2); }" ],[ AC_MSG_WARN([Cannot find LDAP libraries. LDAP support disabled]) with_ldap=no diff --git a/squidGuard-1.4/src/sg.l b/squidGuard-1.4/src/sg.l index 74507cd..7728f31 100644 --- a/squidGuard-1.4/src/sg.l +++ b/squidGuard-1.4/src/sg.l @@ -74,23 +74,14 @@ weekdays (({weekday}{s}*[, \t]+{s}*)*{weekday})|[\*] <hexchar> ::= 0-9, a-f, A-F */ -ldaphexchar [0-9a-fA-f] -ldaphex {ldaphexchar}{ldaphexchar} -ldapspecial [,=+<>#;\r\n] -ldapstringchar [^,=+<>#;\r\n] -ldappair \\({ldapspecial}|\\|\") -ldapstring (({ldapstringchar}|{ldappair})*|\"({ldapstringchar}|{ldapspecial}|{ldappair})*\"|#{ldaphex}) -ldapkey [a-zA-Z0-9][a-zA-Z0-9 ]* -ldapattribute {ldapkey}{s}*={s}*{ldapstring} -ldapnamecomponent ({ldapattribute}{s}*+{s}*)*{ldapattribute} -ldapspacedseparator \ *[,;]\ * -ldapdn ({ldapnamecomponent}{ldapspacedseparator})*{ldapnamecomponent} - %x REDIRECT_STATE %x EXEC_STATE -%x LDAPDN_STATE +%x STRING_STATE %% + char string_buf[MAX_BUF]; + char *string_buf_ptr; + [ \t]*#.* ; "{" return START_BRACKET; 
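Review bot: `string_buf` is declared in the code block placed right after `%%` in sg.l, and flex copies such a block into the scanning routine as local declarations, so unless it is declared `static` the array has automatic storage. The closing-quote rule added further down in this file stores `yylval.string = string_buf` and then returns, which hands the parser a pointer into a stack frame that has already been left. Any call made before the value is copied (the grammar actions such as `sgSetting(...)`, or another scanner call) may overwrite it. Declaring it as `static char string_buf[MAX_BUF];`, or moving both declarations into the `%{ ... %}` definitions block, removes the dangling pointer; a comment there should also state that the value is only valid until the next quoted string is scanned. The definition of `MAX_BUF` is outside this diff.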
@@ -107,7 +98,7 @@ ldapdn ({ldapnamecomponent}{ldapspacedseparator})*{ldapnamecompo
 ^logdir return LOGDIR;
 ^ldapcachetime return LDAPCACHETIME;
 ^ldapprotover return LDAPPROTOVER;
-^ldapbinddn { BEGIN LDAPDN_STATE; return LDAPBINDDN; }
+^ldapbinddn return LDAPBINDDN;
 ^ldapbindpass return LDAPBINDPASS;
 ^mysqlusername return MYSQLUSERNAME;
 ^mysqlpassword return MYSQLPASSWORD;
@@ -124,7 +115,7 @@ userquery {
 }
 ldapusersearch {
 /* use the REDIRECT_STATE logic, since it handles URLs nicely */
- BEGIN REDIRECT_STATE;
+ /* BEGIN REDIRECT_STATE; */
 return LDAPUSERSEARCH;
 }
 execuserlist {
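Review bot: In the `ldapusersearch` rule the comment still says the rule uses the REDIRECT_STATE logic, while the `BEGIN` it describes is now commented out, so the comment contradicts what the scanner does. Delete the dead line rather than leaving it commented out, and replace the comment with one that states the new contract, for example `/* argument is scanned as WORD or as a quoted string; an LDAP URL with characters outside the WORD set must be quoted */`. The rule's opening brace is in the unchanged context of this hunk.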
@@ -169,8 +160,34 @@ ip return IP;
 <EXEC_STATE>[^\n]* { yylval.string = yytext; BEGIN 0; return EXECCMD; }
 <EXEC_STATE>\n {lineno++;}
-<LDAPDN_STATE>{ldapdn} {yylval.string = yytext; BEGIN 0; return LDAPDNSTR;}
-<LDAPDN_STATE>\n {lineno++;}
+\" { string_buf_ptr = string_buf; BEGIN STRING_STATE; }
+<STRING_STATE>\" { *string_buf_ptr = '\0'; yylval.string = string_buf; BEGIN 0; return QUOTED_STRING; }
+<STRING_STATE>\\x[0-9a-fA-F]{2} {
+ if (string_buf_ptr-string_buf < sizeof(string_buf)-1)
+ {
+ int hexcode;
+ sscanf( yytext + 2, "%x", &hexcode );
+ *string_buf_ptr++ = (char) hexcode;
+ }
+ }
+<STRING_STATE>\\n { if (string_buf_ptr-string_buf < sizeof(string_buf)-1) *string_buf_ptr++ = '\n'; }
+<STRING_STATE>\\r { if (string_buf_ptr-string_buf < sizeof(string_buf)-1) *string_buf_ptr++ = '\r'; }
+<STRING_STATE>\\a { if (string_buf_ptr-string_buf < sizeof(string_buf)-1) *string_buf_ptr++ = '\a'; }
+<STRING_STATE>\\b { if (string_buf_ptr-string_buf < sizeof(string_buf)-1) *string_buf_ptr++ = '\b'; }
+<STRING_STATE>\\t { if (string_buf_ptr-string_buf < sizeof(string_buf)-1) *string_buf_ptr++ = '\t'; }
+<STRING_STATE>\n { if (string_buf_ptr-string_buf < sizeof(string_buf)-1) *string_buf_ptr++ = '\n'; }
+<STRING_STATE>\\\n { /* continuation line - ignore the \ and newline */; }
+<STRING_STATE>\\. { if (string_buf_ptr-string_buf < sizeof(string_buf)-1) *string_buf_ptr++ = yytext[1]; }
+<STRING_STATE>[^\\\n\"]+ {
+ char *yyptr = yytext;
+ while (*yyptr)
+ {
+ if (string_buf_ptr-string_buf >= sizeof(string_buf)-1)
+ break;
+ *string_buf_ptr++ = *yyptr++;
+ }
+ }
+<STRING_STATE>. { if (string_buf_ptr-string_buf < sizeof(string_buf)-1) *string_buf_ptr++ = yytext[1]; }
 [a-zA-Z\/][a-zA-Z0-9/_\-\.\/\:\%\+\?=&]* {yylval.string = yytext ; return WORD;}
 s@(([^@}]|\\@|\\\})+)@(([^@}]|\\@|\\\})+)@[girR]* {yylval.string = yytext; return SUBST;}
diff --git a/squidGuard-1.4/src/sg.y.in b/squidGuard-1.4/src/sg.y.in
index 9862664..b311b4b 100644
--- a/squidGuard-1.4/src/sg.y.in
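Review bot: The catch-all rule `<STRING_STATE>.` stores `yytext[1]`, but that pattern matches exactly one character, so `yytext[1]` is the terminating NUL and the value is cut short at that point; it should read `*string_buf_ptr++ = yytext[0];`. The two rules that consume a newline inside a string (`<STRING_STATE>\n` and `<STRING_STATE>\\\n`) do not do `lineno++` the way `<EXEC_STATE>\n` does, so anything that reports `lineno` after a multi-line string will be off. Every rule drops characters silently once `string_buf` is full and there is no `<STRING_STATE><<EOF>>` rule, so an over-long value or a missing closing quote produces a shortened path, DN or password without any diagnostic. For a filter configuration that should be reported as a configuration error instead of being accepted. `\x00` is accepted too and ends the value early for any consumer that treats it as a C string.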
+++ b/squidGuard-1.4/src/sg.y.in
@@ -85,7 +85,7 @@ rfc1738_unescape(char *s)
 int *integer;
 }
-%token WORD END START_BRACKET STOP_BRACKET WEEKDAY LDAPDNSTR
+%token WORD END START_BRACKET STOP_BRACKET WEEKDAY
 %token DESTINATION REWRITE ACL TIME TVAL DVAL DVALCRON
 %token SOURCE CIDR IPCLASS CONTINUE
 %token IPADDR DBHOME DOMAINLIST URLLIST EXPRESSIONLIST IPLIST
@@ -94,8 +94,11 @@ rfc1738_unescape(char *s)
 %token WITHIN OUTSIDE ELSE LOGFILE ANONYMOUS VERBOSE CONTINIOUS SPORADIC
 %token LDAPCACHETIME EXECUSERLIST EXECCMD LDAPPROTOVER
 %token LDAPBINDDN LDAPBINDPASS MYSQLUSERNAME MYSQLPASSWORD DATABASE
+%token QUOTED_STRING
 %type <string> WORD
+%type <string> QUOTED_STRING
+%type <string> STRING
 %type <string> EXECCMD
 %type <string> WEEKDAY
 %type <string> LDAPDNSTR
@@ -121,10 +124,16 @@ rfc1738_unescape(char *s)
 start: statements
 ;
-dbhome: DBHOME WORD { sgSetting("dbhome",$2); }
+STRING: WORD | QUOTED_STRING
+ ;
+
+LDAPDNSTR: QUOTED_STRING
+ ;
+
+dbhome: DBHOME STRING { sgSetting("dbhome",$2); }
 ;
-logdir: LOGDIR WORD { sgSetting("logdir",$2); }
+logdir: LOGDIR STRING { sgSetting("logdir",$2); }
 ;
 ldapcachetime: LDAPCACHETIME NUMBER { sgSetting("ldapcachetime",$2); }
@@ -136,16 +145,16 @@ ldapprotover: LDAPPROTOVER NUMBER {sgSetting("ldapprotover",$2); }
 ldapbinddn: LDAPBINDDN LDAPDNSTR { sgSetting("ldapbinddn",$2); }
 ;
-ldapbindpass: LDAPBINDPASS WORD { sgSetting("ldapbindpass",$2); }
+ldapbindpass: LDAPBINDPASS STRING { sgSetting("ldapbindpass",$2); }
 ;
-mysqlusername: MYSQLUSERNAME WORD { sgSetting("mysqlusername",$2); }
+mysqlusername: MYSQLUSERNAME STRING { sgSetting("mysqlusername",$2); }
 ;
-mysqlpassword: MYSQLPASSWORD WORD { sgSetting("mysqlpassword",$2); }
+mysqlpassword: MYSQLPASSWORD STRING { sgSetting("mysqlpassword",$2); }
 ;
-mysqldb: DATABASE WORD { sgSetting("mysqldb",$2); }
+mysqldb: DATABASE STRING { sgSetting("mysqldb",$2); }
 ;
 start_block:
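Review bot: `LDAPDNSTR: QUOTED_STRING` makes `ldapbinddn` accept only a quoted value, while every other setting changed in this file goes through `STRING` and still accepts the bare form. Together with the removal of LDAPDN_STATE from sg.l, a configuration that gives the bind DN unquoted will presumably no longer parse. If that is intended, say so above the rule, for example `/* a DN contains ',' which WORD does not accept, so it must be a quoted string */`, and mention it in the upgrade notes. `STRING` and `LDAPDNSTR` are nonterminals but are spelled like tokens; lower-case names such as `string` and `ldapdnstr` would match the other rules of this grammar, and the `YACCLINE` text in configure.in would then need the same spelling.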
@@ -167,22 +176,22 @@ destination_contents:
 | destination_contents destination_content
 ;
 destination_content:
- DOMAINLIST WORD { sgDestDomainList($2); }
+ DOMAINLIST STRING { sgDestDomainList($2); }
 | DOMAINLIST '-' { sgDestDomainList(NULL); }
- | URLLIST WORD { sgDestUrlList($2); }
+ | URLLIST STRING { sgDestUrlList($2); }
 | URLLIST '-' { sgDestUrlList(NULL); }
 | EXPRESSIONLIST '-' { sgDestExpressionList(NULL,NULL); }
- | EXPRESSIONLIST 'i' WORD { sgDestExpressionList($3,"i"); }
- | EXPRESSIONLIST WORD { sgDestExpressionList($2,"n"); }
- | REDIRECT WORD {sgDestRedirect($2); }
- | REWRITE WORD {sgDestRewrite($2); }
+ | EXPRESSIONLIST 'i' STRING { sgDestExpressionList($3,"i"); }
+ | EXPRESSIONLIST STRING { sgDestExpressionList($2,"n"); }
+ | REDIRECT STRING {sgDestRedirect($2); }
+ | REWRITE STRING {sgDestRewrite($2); }
 | WITHIN WORD { sgDestTime($2,WITHIN); }
 | OUTSIDE WORD { sgDestTime($2,OUTSIDE); }
- | LOGFILE ANONYMOUS WORD { sgLogFile(SG_BLOCK_DESTINATION,1,0,$3); }
- | LOGFILE VERBOSE WORD { sgLogFile(SG_BLOCK_DESTINATION,0,1,$3); }
- | LOGFILE ANONYMOUS VERBOSE WORD { sgLogFile(SG_BLOCK_DESTINATION,1,1,$4); }
- | LOGFILE VERBOSE ANONYMOUS WORD { sgLogFile(SG_BLOCK_DESTINATION,1,1,$4); }
- | LOGFILE WORD { sgLogFile(SG_BLOCK_DESTINATION,0,0,$2); }
+ | LOGFILE ANONYMOUS STRING { sgLogFile(SG_BLOCK_DESTINATION,1,0,$3); }
+ | LOGFILE VERBOSE STRING { sgLogFile(SG_BLOCK_DESTINATION,0,1,$3); }
+ | LOGFILE ANONYMOUS VERBOSE STRING { sgLogFile(SG_BLOCK_DESTINATION,1,1,$4); }
+ | LOGFILE VERBOSE ANONYMOUS STRING { sgLogFile(SG_BLOCK_DESTINATION,1,1,$4); }
+ | LOGFILE STRING { sgLogFile(SG_BLOCK_DESTINATION,0,0,$2); }
 ;
 source: SOURCE WORD { sgSource($2); }
@@ -197,7 +206,7 @@ source_contents:
 source_content: DOMAIN domain
 | USER user
- | USERLIST WORD { sgSourceUserList($2); }
+ | USERLIST STRING { sgSourceUserList($2); }
 @MYSQLLINE@
 @YACCLINE@
 | EXECUSERLIST EXECCMD { sgSourceExecUserList($2); }
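Review bot: `REWRITE STRING` in `destination_content` is inconsistent with the `access_content` hunk further down, which leaves `| REWRITE WORD { sgAclSetValue("rewrite",$2,0); }` unchanged, and with `WITHIN WORD` / `OUTSIDE WORD` here, which also stay `WORD`. The argument of `rewrite` looks like the name of a block rather than a path or URL (an inference from the unchanged `WITHIN`/`OUTSIDE` alternatives, not something this hunk shows). If so, keep `| REWRITE WORD {sgDestRewrite($2); }` so that a name is tokenised the same way wherever it is referenced. If quoted names are meant to be allowed, change the `access_content` alternative as well and add a comment saying which arguments are names and which are free-form strings.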
@@ -206,23 +215,23 @@ source_content: DOMAIN domain
 | USERQUOTA NUMBER NUMBER WEEKLY { sgSourceUserQuota($2,$3,"604800");}
 | USERQUOTA NUMBER NUMBER NUMBER { sgSourceUserQuota($2,$3,$4);}
 | IP ips
- | IPLIST WORD { sgSourceIpList($2); }
+ | IPLIST STRING { sgSourceIpList($2); }
 | WITHIN WORD { sgSourceTime($2,WITHIN); }
 | OUTSIDE WORD { sgSourceTime($2,OUTSIDE); }
- | LOGFILE ANONYMOUS WORD {sgLogFile(SG_BLOCK_SOURCE,1,0,$3);}
- | LOGFILE VERBOSE WORD {sgLogFile(SG_BLOCK_SOURCE,0,1,$3);}
- | LOGFILE ANONYMOUS VERBOSE WORD {sgLogFile(SG_BLOCK_SOURCE,1,1,$4);}
- | LOGFILE VERBOSE ANONYMOUS WORD {sgLogFile(SG_BLOCK_SOURCE,1,1,$4);}
- | LOGFILE WORD { sgLogFile(SG_BLOCK_SOURCE,0,0,$2); }
+ | LOGFILE ANONYMOUS STRING {sgLogFile(SG_BLOCK_SOURCE,1,0,$3);}
+ | LOGFILE VERBOSE STRING {sgLogFile(SG_BLOCK_SOURCE,0,1,$3);}
+ | LOGFILE ANONYMOUS VERBOSE STRING {sgLogFile(SG_BLOCK_SOURCE,1,1,$4);}
+ | LOGFILE VERBOSE ANONYMOUS STRING {sgLogFile(SG_BLOCK_SOURCE,1,1,$4);}
+ | LOGFILE STRING { sgLogFile(SG_BLOCK_SOURCE,0,0,$2); }
 | CONTINUE { lastSource->cont_search = 1; }
 ;
 domain:
- | domain WORD { sgSourceDomain($2); }
+ | domain STRING { sgSourceDomain($2); }
 | domain ','
 ;
 user:
- | user WORD { sgSourceUser($2); }
+ | user STRING { sgSourceUser($2); }
 | user ','
 ;
@@ -250,12 +259,12 @@ access_contents:
 access_content: PASS access_pass { }
 | REWRITE WORD { sgAclSetValue("rewrite",$2,0); }
- | REDIRECT WORD { sgAclSetValue("redirect",$2,0); }
- | LOGFILE ANONYMOUS WORD {sgLogFile(SG_BLOCK_ACL,1,0,$3);}
- | LOGFILE VERBOSE WORD {sgLogFile(SG_BLOCK_ACL,0,1,$3);}
- | LOGFILE ANONYMOUS VERBOSE WORD {sgLogFile(SG_BLOCK_ACL,1,1,$4);}
- | LOGFILE VERBOSE ANONYMOUS WORD {sgLogFile(SG_BLOCK_ACL,1,1,$4);}
- | LOGFILE WORD { sgLogFile(SG_BLOCK_ACL,0,0,$2); }
+ | REDIRECT STRING { sgAclSetValue("redirect",$2,0); }
+ | LOGFILE ANONYMOUS STRING {sgLogFile(SG_BLOCK_ACL,1,0,$3);}
+ | LOGFILE VERBOSE STRING {sgLogFile(SG_BLOCK_ACL,0,1,$3);}
+ | LOGFILE ANONYMOUS VERBOSE STRING {sgLogFile(SG_BLOCK_ACL,1,1,$4);}
+ | LOGFILE VERBOSE ANONYMOUS STRING {sgLogFile(SG_BLOCK_ACL,1,1,$4);}
+ | LOGFILE STRING { sgLogFile(SG_BLOCK_ACL,0,0,$2); }
 ;
 access_pass:
@@ -294,11 +303,11 @@ rew_contents:
 rew_content: SUBST { sgRewriteSubstitute($1); }
 | WITHIN WORD { sgRewriteTime($2,WITHIN); }
 | OUTSIDE WORD { sgRewriteTime($2,OUTSIDE); }
- | LOGFILE ANONYMOUS WORD { sgLogFile(SG_BLOCK_REWRITE,1,0,$3); }
- | LOGFILE VERBOSE WORD { sgLogFile(SG_BLOCK_REWRITE,0,1,$3); }
- | LOGFILE ANONYMOUS VERBOSE WORD { sgLogFile(SG_BLOCK_REWRITE,1,1,$4); }
- | LOGFILE VERBOSE ANONYMOUS WORD { sgLogFile(SG_BLOCK_REWRITE,1,1,$4); }
- | LOGFILE WORD { sgLogFile(SG_BLOCK_REWRITE,0,0,$2); }
+ | LOGFILE ANONYMOUS STRING { sgLogFile(SG_BLOCK_REWRITE,1,0,$3); }
+ | LOGFILE VERBOSE STRING { sgLogFile(SG_BLOCK_REWRITE,0,1,$3); }
+ | LOGFILE ANONYMOUS VERBOSE STRING { sgLogFile(SG_BLOCK_REWRITE,1,1,$4); }
+ | LOGFILE VERBOSE ANONYMOUS STRING { sgLogFile(SG_BLOCK_REWRITE,1,1,$4); }
+ | LOGFILE STRING { sgLogFile(SG_BLOCK_REWRITE,0,0,$2); }
 ;